Merge branch 'fixes-v4.18-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security

Pull security subsystem fixes from James Morris: - Smack: fix a regression caused by 1bbc55131e5 - X.509: fix a (usually un-seen) bug in RSA signature parsing * 'fixes-v4.18-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security: X.509: unpack RSA signatureValue field from BIT STRING Smack: Mark inode instant in smack_task_to_inode
author: Linus Torvalds <torvalds@linux-foundation.org> 2018-06-26 18:44:15 +0300
committer: Linus Torvalds <torvalds@linux-foundation.org> 2018-06-26 18:44:15 +0300
commit: 813835028e9ae1f18cd11bb0ec591d0f0577d96a (patch)
tree: 5c91429f5cb9f0615ca8dbf2406984583ec27deb /crypto
parent: 84bfed40fc25dd052620398fdcc19d8c77f02270 (diff)
parent: b65c32ec5a942ab3ada93a048089a938918aba7f (diff)
download: linux-813835028e9ae1f18cd11bb0ec591d0f0577d96a.tar.xz
1 files changed, 9 insertions, 0 deletions
diff --git a/crypto/asymmetric_keys/x509_cert_parser.c b/crypto/asymmetric_keys/x509_cert_parser.c
index 7d81e6bb461a..b6cabac4b62b 100644
--- a/crypto/asymmetric_keys/x509_cert_parser.c
+++ b/crypto/asymmetric_keys/x509_cert_parser.c
@@ -249,6 +249,15 @@ int x509_note_signature(void *context, size_t hdrlen,
 		return -EINVAL;
 	}
 
+	if (strcmp(ctx->cert->sig->pkey_algo, "rsa") == 0) {
+		/* Discard the BIT STRING metadata */
+		if (vlen < 1 || *(const u8 *)value != 0)
+			return -EBADMSG;
+
+		value++;
+		vlen--;
+	}
+
 	ctx->cert->raw_sig = value;
 	ctx->cert->raw_sig_size = vlen;
 	return 0;
author	Linus Torvalds <torvalds@linux-foundation.org>	2018-06-26 18:44:15 +0300
committer	Linus Torvalds <torvalds@linux-foundation.org>	2018-06-26 18:44:15 +0300
commit	813835028e9ae1f18cd11bb0ec591d0f0577d96a (patch)
tree	5c91429f5cb9f0615ca8dbf2406984583ec27deb /crypto
parent	84bfed40fc25dd052620398fdcc19d8c77f02270 (diff)
parent	b65c32ec5a942ab3ada93a048089a938918aba7f (diff)
download	linux-813835028e9ae1f18cd11bb0ec591d0f0577d96a.tar.xz